US12041059B1ActiveUtility

Device enrollment identity verification

89
Assignee: HYPR CORPPriority: Jul 11, 2023Filed: Jul 11, 2023Granted: Jul 16, 2024
Est. expiryJul 11, 2043(~17 yrs left)· nominal 20-yr term from priority
H04L 63/083H04L 9/321H04L 9/3234H04W 12/06H04L 63/0876H04L 63/0823H04L 63/0807H04L 63/102H04W 12/068H04L 9/3247
89
PatentIndex Score
6
Cited by
16
References
40
Claims

Abstract

Provided are systems, processes, and methods for identity management, such as the verification of an identity of a user of device for securely onboarding a device remotely and other use cases. A user may access a webpage or obtain a native application on their device with which the user engages to prove their identity to an identity verifier delegated to attest to the identity of the user. A communication session is established between the user and the identity verifier via their respective devices. If the identity verifier attests to the asserted identity of the user, the device of the user may be issued a deep link, code, or other for the establishment or exchange of credential information with an identity management system. Embodiments of such systems may also be used for other instances of identity or device verification.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for verifying an identity of a user, comprising:
 receiving, from a device of a user, a request to verify an identity of the user; 
 receiving, from the device of the user, an initial user identifier by which a record associated with an asserted user identity is identifiable; 
 obtaining, from the device of the user, at least two device verification values; 
 obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user; 
 issuing, to the verifying user, a notification indicative of a pending identity verification request corresponding to the user; 
 receiving, from a verifying device accessing the notification, a selection to establish a communication session with the device of the user and providing for review by the verifying user on the verifying device the at least two device verification values; 
 establishing a chat session between the verifying device and the device of the user, wherein:
 at least one attachment is detected as being uploaded by the device of the user; and 
 at least one audio or video communication session is detected between the verifying device and the device of the user; 
 
 after the detecting, receiving a selection performed by the verifying user on the verifying device to attest to the identity of the user as being the asserted user identity; and 
 in response to receiving the selection attesting to the identity of the user, permissioning establishment of a credential on the device of the user for the asserted user identity. 
 
     
     
       2. The method of  claim 1 , wherein receiving, from a device of a user, a request to verify an identity of the user comprises:
 receiving the request via a web page accessed by the device with a web browser, 
 receiving the request via a web application accessed by the device with the web browser, 
 receiving the request via an application programming interface, or 
 receiving the request via an identity management application executed by the device. 
 
     
     
       3. The method of  claim 1 , wherein an initial user identifier is:
 a username corresponding to the asserted user identity, 
 an email address corresponding to the asserted user identity, 
 a given name corresponding to the asserted user identity, or 
 an identification number corresponding to the asserted user identity. 
 
     
     
       4. The method of  claim 1 , wherein obtaining, from the device of the user, at least two device verification values comprises:
 obtaining a code transmitted to an account corresponding to the asserted user identity; and 
 obtaining at least one location value. 
 
     
     
       5. The method of  claim 4 , wherein obtaining a code transmitted to an account corresponding to the asserted user identity comprises:
 transmitting the code to a mobile telephone number associated with the asserted user identity, 
 transmitting the code to an email address associated with the asserted user identity, or 
 transmitting the code to a messaging service account associated with the asserted user identity. 
 
     
     
       6. The method of  claim 4 , wherein obtaining at least one location value comprises one or more of:
 obtaining global positioning system (GPS) location reported by a GPS receiver of the device, 
 obtaining an internet protocol-based location reported for the device, or 
 obtaining a wireless carrier-based location reported for the device. 
 
     
     
       7. The method of  claim 1 , wherein obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user comprises:
 obtaining user account information corresponding to the verifying user and transmitting the notification indicative of the pending identity verification request corresponding to the user based on the user account information. 
 
     
     
       8. The method of  claim 1 , wherein obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user comprises:
 obtaining verifying device information corresponding to the verifying user and transmitting the notification indicative of the pending identity verification request corresponding to the user to the verifying device. 
 
     
     
       9. The method of  claim 1 , wherein receiving, from a verifying device accessing the notification, a selection to establish a communication session with the device of the user comprises:
 receiving indication of the selection within a web page accessed by the verifying device under an account of the verifying user with a web browser, 
 receiving indication of the selection within a web application accessed by the device under the account of the verifying user with the web browser, or 
 receiving indication of the selection within an identity verification application executing on the verifying device of the verifying user. 
 
     
     
       10. The method of  claim 1 , wherein providing for review by the verifying user on the verifying device the at least two device verification values comprises transmitting:
 an indication of verification of a code received from the device, and 
 an indication of a location corresponding to the device. 
 
     
     
       11. The method of  claim 1 , wherein establishing a chat session between the verifying device and the device of the user comprises:
 initializing a first chat interface for display by the verifying device to the verifying user; and 
 initializing a second chat interface for display by the device to the user, wherein messages received from the respective devices are displayed within the chat interfaces. 
 
     
     
       12. The method of  claim 11 , wherein detecting the at least one attachment as being uploaded by the device of the user comprises:
 obtaining an indication of a selection of a user interface element within the second chat interface to capture an image with the device of the user or select an image or a file on the device of the user; and 
 receiving a selected file or image or a captured image submitted by the device of the user within the second chat interface, the submitting causing the selected file or image or the captured image to be displayed within the first chat interface. 
 
     
     
       13. The method of  claim 11 , wherein detecting at least one audio or video communication session between the verifying device and the device of the user comprises:
 obtaining an indication of a selection of a user interface element within the second chat interface or the first chat interface to establish an audio or video communication session; and 
 establishing, responsive to the indication of the selection, the audio or video communication session between the verifying device and the device of the user. 
 
     
     
       14. The method of  claim 11 , wherein permissioning establishment of a credential on the device of the user for the asserted user identity comprises:
 transmitting, to the device of the user, a selectable link displayed within the second chat interface, the selectable link configured to cause the device of the user to request the establishment of credentials. 
 
     
     
       15. The method of  claim 14 , wherein the selectable link is a deep link into a native application. 
     
     
       16. The method of  claim 1 , wherein permissioning establishment of a credential on the device of the user for the asserted user identity comprises:
 transmitting, to the device of the user, a registration code for requesting the establishment of credentials. 
 
     
     
       17. The method of  claim 16 , wherein the registration code is a selectable link that when selected causes the device of the user to request the establishment of credentials. 
     
     
       18. The method of  claim 1 , wherein establishment of a credential on the device of the user for the asserted user identity comprises:
 receiving a public key of a public-private key pair generated on the device of the user; and 
 associating the public key with a record corresponding to the asserted user identity. 
 
     
     
       19. The method of  claim 18 , wherein one or more user credentials are established on the device of the user to govern access to the private key by the device subject to authentication of the user by the device on the one or more user credentials. 
     
     
       20. The method of  claim 1 , further comprising:
 permitting the device of the user access to a resource under the asserted user identity based on the credential. 
 
     
     
       21. A non-transitory computer-readable medium storing instructions that when executed by one or more processors cause the one or more processors to effectuate operations comprising:
 receiving, from a device of a user, a request to verify an identity of the user; 
 receiving, from the device of the user, an initial user identifier by which a record associated with an asserted user identity is identifiable; 
 obtaining, from the device of the user, at least two device verification values; 
 obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user; 
 issuing, to the verifying user, a notification indicative of a pending identity verification request corresponding to the user; 
 receiving, from a verifying device accessing the notification, a selection to establish a communication session with the device of the user and providing for review by the verifying user on the verifying device the at least two device verification values; 
 establishing a chat session between the verifying device and the device of the user, wherein:
 at least one attachment is detected as being uploaded by the device of the user; and 
 at least one audio or video communication session is detected between the verifying device and the device of the user; 
 
 after the detecting, receiving a selection performed by the verifying user on the verifying device to attest to the identity of the user as being the asserted user identity; and 
 in response to receiving the selection attesting to the identity of the user, permissioning establishment of a credential on the device of the user for the asserted user identity. 
 
     
     
       22. The non-transitory computer-readable medium of  claim 21 , wherein receiving, from a device of a user, a request to verify an identity of the user comprises:
 receiving the request via a web page accessed by the device with a web browser, receiving the request via a web application accessed by the device with the web browser, 
 receiving the request via an application programming interface, or 
 receiving the request via an identity management application executed by the device. 
 
     
     
       23. The non-transitory computer-readable medium of  claim 21 , wherein an initial user identifier is:
 a username corresponding to the asserted user identity, 
 an email address corresponding to the asserted user identity, 
 a given name corresponding to the asserted user identity, or 
 an identification number corresponding to the asserted user identity. 
 
     
     
       24. The non-transitory computer-readable medium of  claim 21 , wherein obtaining, from the device of the user, at least two device verification values comprises:
 obtaining a code transmitted to an account corresponding to the asserted user identity; and 
 obtaining at least one location value. 
 
     
     
       25. The non-transitory computer-readable medium of  claim 24 , wherein obtaining a code transmitted to an account corresponding to the asserted user identity comprises:
 transmitting the code to a mobile telephone number associated with the asserted user identity, 
 transmitting the code to an email address associated with the asserted user identity, or 
 transmitting the code to a messaging service account associated with the asserted user identity. 
 
     
     
       26. The non-transitory computer-readable medium of  claim 24 , wherein obtaining at least one location value comprises one or more of:
 obtaining global positioning system (GPS) location reported by a GPS receiver of the device, 
 obtaining an internet protocol-based location reported for the device, or 
 obtaining a wireless carrier-based location reported for the device. 
 
     
     
       27. The non-transitory computer-readable medium of  claim 21 , wherein obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user comprises:
 obtaining user account information corresponding to the verifying user and transmitting the notification indicative of the pending identity verification request corresponding to the user based on the user account information. 
 
     
     
       28. The non-transitory computer-readable medium of  claim 21 , wherein obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user comprises:
 obtaining verifying device information corresponding to the verifying user and transmitting the notification indicative of the pending identity verification request corresponding to the user to the verifying device. 
 
     
     
       29. The non-transitory computer-readable medium of  claim 21 , wherein receiving, from a verifying device accessing the notification, a selection to establish a communication session with the device of the user comprises:
 receiving indication of the selection within a web page accessed by the verifying device under an account of the verifying user with a web browser, 
 receiving indication of the selection within a web application accessed by the device under the account of the verifying user with the web browser, or 
 receiving indication of the selection within an identity verification application executing on the verifying device of the verifying user. 
 
     
     
       30. The non-transitory computer-readable medium of  claim 21 , wherein providing for review by the verifying user on the verifying device the at least two device verification values comprises transmitting:
 an indication of verification of a code received from the device, and 
 an indication of a location corresponding to the device. 
 
     
     
       31. The non-transitory computer-readable medium of  claim 21 , wherein establishing a chat session between the verifying device and the device of the user comprises:
 initializing a first chat interface for display by the verifying device to the verifying user; and 
 initializing a second chat interface for display by the device to the user, wherein messages received from the respective devices are displayed within the chat interfaces. 
 
     
     
       32. The non-transitory computer-readable medium of  claim 31 , wherein detecting the at least one attachment as being uploaded by the device of the user comprises:
 obtaining an indication of a selection of a user interface element within the second chat interface to capture an image with the device of the user or select an image or a file on the device of the user; and 
 receiving a selected file or image or a captured image submitted by the device of the user within the second chat interface, the submitting causing the selected file or image or the captured image to be displayed within the first chat interface. 
 
     
     
       33. The non-transitory computer-readable medium of  claim 31 , wherein detecting at least one audio or video communication session between the verifying device and the device of the user comprises:
 obtaining an indication of a selection of a user interface element within the second chat interface or the first chat interface to establish an audio or video communication session; and 
 establishing, responsive to the indication of the selection, the audio or video communication session between the verifying device and the device of the user. 
 
     
     
       34. The non-transitory computer-readable medium of  claim 31 , wherein permissioning establishment of a credential on the device of the user for the asserted user identity comprises:
 transmitting, to the device of the user, a selectable link displayed within the second chat interface, the selectable link configured to cause the device of the user to request the establishment of credentials. 
 
     
     
       35. The non-transitory computer-readable medium of  claim 34 , wherein the selectable link is a deep link into a native application. 
     
     
       36. The non-transitory computer-readable medium of  claim 21 , wherein permissioning establishment of a credential on the device of the user for the asserted user identity comprises:
 transmitting, to the device of the user, a registration code for requesting the establishment of credentials. 
 
     
     
       37. The non-transitory computer-readable medium of  claim 36 , wherein the registration code is a selectable link that when selected causes the device of the user to request New establishment of credentials. 
     
     
       38. The non-transitory computer-readable medium of  claim 21 , wherein establishment of a credential on the device of the user for the asserted user identity comprises:
 receiving a public key of a public-private key pair generated on the device of the user; and 
 associating the public key with a record corresponding to the asserted user identity. 
 
     
     
       39. The non-transitory computer-readable medium of  claim 38 , wherein one or more user credentials are established on the device of the user to govern access to the private key by the device subject to authentication of the user by the device on the one or more user credentials. 
     
     
       40. The non-transitory computer-readable medium of  claim 21 , the operations further comprising:
 permitting the device of the user access to a resource under the asserted user identity based on the credential.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.